Привет, всем пришедшим на канал,
Создаю его в основном для себя, чтоб публиковать различные записи, которые могут помочь в обучении Bug Hunter'а
Создаю его в основном для себя, чтоб публиковать различные записи, которые могут помочь в обучении Bug Hunter'а
Open Source Курс Hacker101, для начинающих Bug Hunter'ов
https://www.hacker101.com/
создан и поддерживается в рамках платформы HackerOne - https://www.hackerone.com/start-hacking
и обновляется через GitHub - https://github.com/Hacker0x01/hacker101
https://www.hacker101.com/
создан и поддерживается в рамках платформы HackerOne - https://www.hackerone.com/start-hacking
и обновляется через GitHub - https://github.com/Hacker0x01/hacker101
Hacker101
Home
Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
Forwarded from ppxv
Telegraph
SQL инъекции для новичков
Для того, чтобы понять данную статью, вам не особо понадобится знания SQL-языка, а хотя бы наличие хорошего терпения и немного мозгов — для запоминания. Я считаю, что одного прочтения статьи будет мало, т.к. нам нужны живые примеры — как известно практика…
Интересный курс "CND - защита от хакерских атак"
https://openssource.biz/eksklyuziv-cnd-zashhita-ot-xakerskix-atak.html
https://cloud.mail.ru/public/GDrF/VQaiaoedn/
https://openssource.biz/eksklyuziv-cnd-zashhita-ot-xakerskix-atak.html
https://cloud.mail.ru/public/GDrF/VQaiaoedn/
openssource.biz
[ЭКСКЛЮЗИВ] CND: Защита от хакерских атак | OPENSSOURCE — Халява, раздачи, обзоры, схемы заработка, скачать курсы, тренинги, книги…
Курс: "CND: Защита от хакерских атак". Нереально шикарный материал по информационной безопасности от специалистов! О курсе только шикарные отзывы (как и со стороны выпускников, так и со стороны складч...
Курс The Complete Ethical Hacking Course Beginner To Advanced от Udemy
https://archive.org/download/TheCompleteEthicalHackingCourseBeginnerToAdvanced
https://archive.org/download/TheCompleteEthicalHackingCourseBeginnerToAdvanced
Forwarded from HackerOne (xDD)
🗣
How to become a Bug Bounty Hunter 💪
https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter
How to become a Bug Bounty Hunter 💪
https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter
Давно здесь ничего не публиковал, даже канал свой потерял среди остальных. Нашел его случайно при поиске по теме bug hunting 😂
tips from https://youtu.be/CU9Iafc-Igs
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the tutorials and do the CTF on Hacker101 bit.ly/hacker101-stok
4. Sign up for Pentersterlab and try their stuff out! bit.ly/pentesterlab-stok
5. Watch everything on https://www.bugcrowd.com/university
6. Sign up for Hackerone (bit.ly/hackerone-stok) Bugcrowd or any other BB platform.
7. Get a Burp pro license, its way better than getting a “ethical hacker course” https://portswigger.net/
8. Find a program that you like and vibe with, its more fun to hack on a program or brand you like.
9. Don’t waste time on VDP’s
10. Don’t be discouraged that everyone else has automated everything, its just not true.
11. Always approach a target like you’re the first one there. Your view is unique.
12. Remember, Zero days can be new bugs in old code. Tavis has shown that over and over again.
13. Be proud of your work, you did this!
//STÖK..
ps,., stay epic..
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the tutorials and do the CTF on Hacker101 bit.ly/hacker101-stok
4. Sign up for Pentersterlab and try their stuff out! bit.ly/pentesterlab-stok
5. Watch everything on https://www.bugcrowd.com/university
6. Sign up for Hackerone (bit.ly/hackerone-stok) Bugcrowd or any other BB platform.
7. Get a Burp pro license, its way better than getting a “ethical hacker course” https://portswigger.net/
8. Find a program that you like and vibe with, its more fun to hack on a program or brand you like.
9. Don’t waste time on VDP’s
10. Don’t be discouraged that everyone else has automated everything, its just not true.
11. Always approach a target like you’re the first one there. Your view is unique.
12. Remember, Zero days can be new bugs in old code. Tavis has shown that over and over again.
13. Be proud of your work, you did this!
//STÖK..
ps,., stay epic..
YouTube
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS)
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the…
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the…
Описание интересной php ошибки в треде https://twitter.com/0dayWizard/status/1452066438479503366?t=FTP2y495dz_CT-NUfNBxcA&s=19
Twitter
MLT
There are some useful quirks in PHP's URL handling that can be abused for LFI. So most of u guys prob know that: /etc/passwd is the same as: /etc/passwd/ or even: /etc/passwd/// (as many trailing slashes as u want) Another quirk of PHP is paths > 4096 bytes…
Forwarded from S.E.Book
📓 Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities.
💬 Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.
💬 You’ll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you’ll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you’ll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You’ll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.
📌 Download.
#Bug_Bounty #Book
💬 Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.
💬 You’ll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you’ll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you’ll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You’ll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.
📌 Download.
#Bug_Bounty #Book
Forwarded from S.E.Book
📓 Ethical Hacking: A Hands-on Introduction to Breaking In.
💬 You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network.
Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
Capturing passwords in a corporate Windows network using Mimikatz
Scanning (almost) every device on the internet to find potential victims
Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads
📌 Download.
#Hack #Metasploit #Eng #book
💬 You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network.
Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
Capturing passwords in a corporate Windows network using Mimikatz
Scanning (almost) every device on the internet to find potential victims
Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads
📌 Download.
#Hack #Metasploit #Eng #book